Tags: nginx, docker-compose, docker-network, certbot

How to reference web in nginx config when run with docker-compose?


I am trying to configure a service with Nginx, Certbot and my app:

docker-compose.yml:

# NOTE(review): the top-level `version` key is obsolete under the Compose
# Specification; current `docker compose` releases ignore it.
version: '3'

services:
 # Reverse proxy and TLS terminator; the only service that has to be
 # reachable from outside the host.
 nginx:
  # NOTE(review): 1.15 is a long-superseded nginx branch; presumably worth
  # moving to a currently maintained tag. Confirm before deploying.
  image: nginx:1.15-alpine
  restart: unless-stopped
  volumes:
   # NOTE(review): all three mounts are read-write. nginx only reads these
   # paths, so appending `:ro` would stop a compromised proxy from modifying
   # its config, the certificates or the challenge webroot.
   # Site configuration, mounted over the image's conf.d directory.
   - ./data/nginx:/etc/nginx/conf.d
   # Certificates and private keys, shared with the certbot service.
   - ./data/certbot/conf:/etc/letsencrypt
   # Webroot for ACME challenge files, shared with the certbot service.
   - ./data/certbot/www:/var/www/certbot
  ports:
   - "80:80"
   - "443:443"
  # Runs nginx in the foreground and, in a background loop, reloads it every
  # 6 hours so renewed certificates are picked up. `$$` is Compose's escape
  # for a literal `$`, so the shell receives `${!}`.
  command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
 # Renewal loop: runs `certbot renew` every 12 hours and exits on SIGTERM.
 certbot:
  # NOTE(review): no tag is given, so this resolves to `latest`; pin a
  # version (or digest) so the image handling private keys is reproducible.
  image: certbot/certbot
  restart: unless-stopped
  volumes:
   - ./data/certbot/conf:/etc/letsencrypt
   - ./data/certbot/www:/var/www/certbot
  entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 # The application that nginx proxies to under the service name `web`.
 web:
  # NOTE(review): `latest` is a moving tag; pin a version for repeatable
  # deployments.
  image: example_app:latest
  restart: unless-stopped
  ports:
   # NOTE(review): this publishes the app's plain-HTTP port on the host, by
   # default on every interface, so the app can be reached without passing
   # through nginx and TLS. nginx reaches `web` over the Compose network and
   # needs no published port; consider dropping this mapping or binding it to
   # 127.0.0.1 if direct access is only wanted for local debugging.
   - "5005:5005"

nginx/app.conf:

# Plain-HTTP listener: serves ACME challenge files and redirects every other
# request to HTTPS.
server {
  listen 80;
  server_name my.app;
  # Do not advertise the nginx version in the Server header and error pages.
  server_tokens off;
  # Challenge files are read from the webroot shared with the certbot
  # container.
  location /.well-known/acme-challenge/ {
    root /var/www/certbot;
  }
  # Everything else gets a permanent redirect to the same host and URI over
  # HTTPS.
  location / {
    return 301 https://$host$request_uri;
  }
}
# HTTPS listener: terminates TLS with the Let's Encrypt certificate and
# proxies requests to the application container.
server {
  listen 443 ssl;
  server_name my.app;
  server_tokens off;
  # Certificate chain and private key, read from the /etc/letsencrypt volume.
  ssl_certificate /etc/letsencrypt/live/my.app/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/my.app/privkey.pem;
  # NOTE(review): presumably certbot's recommended TLS options and DH
  # parameters; both files must already exist in the volume or nginx will
  # refuse to load this config. Confirm how they were provisioned.
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  location / {
    # No port is given, so nginx connects to `web` on port 80, while
    # docker-compose.yml maps the app on 5005. This mismatch is the likely
    # cause of the 502; `http://web:5005` would target the app's port.
    proxy_pass http://web;
  }
}

Whenever I request the service at https://my.app I always get a 502 Bad Gateway.

I have looked through many materials and cannot grasp what I am doing wrong.


Solution

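  • The problem was with the upstream service. I changed restart: unless-stopped to restart: always for web in docker-compose.yml. The configuration below also defines an upstream that points at web:5005, whereas the original proxy_pass http://web had no port and so used port 80.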

    nginx/app.conf:

    # Named upstream for the application: `web` is the Compose service name and
    # 5005 is the container port from docker-compose.yml.
    # NOTE(review): nginx resolves this name when it loads the config, so the
    # `web` service presumably has to be resolvable on the Compose network when
    # nginx starts or reloads. Confirm.
    upstream flask {
      server web:5005;
    }
    
    # Plain-HTTP listener: serves ACME challenge files and redirects every other
    # request to HTTPS.
    server {
        listen 80;
        server_name my.app;
        # Do not advertise the nginx version in the Server header and error pages.
        server_tokens off;
    
        # Challenge files are read from the webroot shared with the certbot
        # container.
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    
        # Everything else gets a permanent redirect to the same host and URI over
        # HTTPS.
        location / {
            return 301 https://$host$request_uri;
        }
    }
    
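    # HTTPS listener: terminates TLS and proxies requests to the `flask`
    # upstream (web:5005).
    server {
        listen 443 ssl;
        server_name my.app;
        server_tokens off;

        # The certificate directory has to be the one certbot created for this
        # server_name; pointing at another domain's directory serves a
        # certificate that may not cover my.app.
        ssl_certificate /etc/letsencrypt/live/my.app/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/my.app/privkey.pem;
        # TLS options and DH parameters; both files must exist in the
        # /etc/letsencrypt volume before nginx starts.
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            proxy_pass  http://flask;
            # Pass the original host, client address and scheme to the app.
            # Without these the app sees Host "flask" and nginx's own address.
            # The app should trust these headers only when requests arrive via
            # this proxy, so its port should not also be reachable directly.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }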